PayPal IPN returns Invalid

2
votes

I have a PayPal IPN script written in PHP, but I cannot get it to work no matter what I try.

PayPal returns "INVALID" using the PayPal sandbox & PayPal IPN simulator. I've yet to try it live, but it will probably return the same.

<?php
///
// read the post from PayPal system and add 'cmd'
    $req = 'cmd=_notify-validate';  
    // Are we using magic quotes?
    $get_magic_quotes_exists = false;
    if(function_exists('get_magic_quotes_gpc')){
            $get_magic_quotes_exists = true;
    }
    foreach($_POST as $key => $value){
        // Handle escape characters, which depends on setting of magic quotes
        if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1){ 
            $value = urlencode(stripslashes($value));
        }else{
            $value = urlencode($value);
        }
        if($get_magic_quotes_exists && get_magic_quotes_gpc() == 1){
            $req .= '&' . $key . '=' . urlencode(stripslashes(html_entity_decode($value, ENT_COMPAT, 'windows-1252')));
            $dc .= '&' . $key . '=' . urlencode(stripslashes(html_entity_decode($value, ENT_COMPAT, 'windows-1252')));
            $emailtext .= "\n" . $key . "=" . urlencode(stripslashes(html_entity_decode($value, ENT_COMPAT, 'windows-1252')));
        }else{
            $req .= '&' . $key . '=' . urlencode(html_entity_decode($value, ENT_COMPAT, 'windows-1252'));
            $dc .= '&' . $key . '=' . urlencode(html_entity_decode($value, ENT_COMPAT, 'windows-1252'));
            $emailtext .= "\n" . $key . "=" . urlencode(html_entity_decode($value, ENT_COMPAT, 'windows-1252'));
        }
    }
    /*// post back to PayPal system to validate
    $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
    $fp = fsockopen('www.sandbox.paypal.com', 80, $errno, $errstr, 30);*/
    // CURL
    $ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr');
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/x-www-form-urlencoded", "Content-Length: " . strlen($req)));
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_VERBOSE, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    $res = curl_exec($ch);
    if(curl_error($ch)) {
        $last_error = 'Could not connect to CURL';
    }
    curl_close($ch);
    // Write to log...
    $myFile = "log.txt";
    $fh = fopen($myFile, 'w');
    $stringData = "IPN REQUEST\n\n$req";
    fwrite($fh, $stringData);
    $stringData = "\n\nIPN RESPONSE:\n\n$res";
    fwrite($fh, $stringData);
    fclose($fh);
    if(strcmp($res, 'VERIFIED') == 0){
        // check the payment_status is Completed
        if($payment_status != 'Completed'){
            $last_error = "Payment was not completed.";
            //exit($last_error);
    }

I've tried both CURL and Fsockopen. OpenSSL is enabled on the server.

Here is a sample of the data posted back to PayPal:

cmd=_notify-validate&test_ipn=1&payment_type=instant&payment_date=12%253A06%253A49%2BAug%2B14%252C%2B2011%2BPDT&payment_status=Completed&address_status=confirmed&payer_status=verified&first_name=Peter&last_name=Anderson&payer_email=paypal2.test%2540gmail.com&payer_id=TESTBUYERID01&address_name=John%2BSmith&address_country=United%2BStates&address_country_code=US&address_zip=95131&address_state=CA&address_city=San%2BJose&address_street=123%252C%2Bany%2Bstreet&business=dr.pa%2540custcarecentral.com&receiver_email=paypal.test%2540custcarecentral.com&receiver_id=TESTSELLERID1&residence_country=US&item_name=something&item_number=1&quantity=1&shipping=0&tax=0&mc_currency=USD&mc_fee=0&mc_gross=9.95&mc_gross_1=9.95&txn_type=web_accept&txn_id=49814196&notify_version=2.1&custom=xyz123&charset=windows-1252&verify_sign=A6PXLu.ocjeCd4T66jio.zEQRv65AD4orMH3FTVR7QibqBGYTnYA8ToF

The Fsock one I've tried worked on a different server, but not this one.

Can anyone help me? I am really starting to lose my patience over this.

Thanks in advance

1
phppaypalpaypal-ipn
A known working IPN verification script to compare against: scriptdevelopers.net/download/paypal_ipn_class.zipDan Grossman
Thanks, the script you posted works (although the PayPal url is incorrect for the sandbox). I'll have a look at what that's doing right, and why mines isn't working.Peter
On second look... are you calling urlencode() on $value twice?Micah Carrick

1 Answers

0
votes

You may want to try PHP-PayPal-IPN. It's pretty simple and takes care of posting to PayPal with some pretty easy to understand error handling. It allows you to choose SSL/HTTP and fsockopen/cURL.

Your code would look something like this:

ini_set('log_errors', true);
ini_set('error_log', dirname(__FILE__).'/ipn_errors.log');

include('ipnlistener.php');
$listener = new IpnListener();
$listener->use_sandbox = true;

try {
    $verified = $listener->processIpn();
} catch (Exception $e) {
    error_log($e->getMessage());
    exit(0);
}

if ($verified) {
    // TODO: Implement additional fraud checks and MySQL storage
    mail('YOUR EMAIL ADDRESS', 'Valid IPN', $listener->getTextReport());
} else {
    // manually investigate the invalid IPN
    mail('YOUR EMAIL ADDRESS', 'Invalid IPN', $listener->getTextReport());
}

You would check the error log for hard errors (like an invalid HTTP response code from PayPal) and your email for working IPNs. You could also just look at the source for some ideas.

I'm a little curious about your use of html_entity_decode(). What type of server are you running?